Privacy Policy

ANX LLC d/b/a AlphaNetx (www.alphanetx.com)

Effective Date: 17^th November 2025

1. Introduction

This Privacy Policy governs every interaction you have with AlphaNetx—whether you browse www.alphanetx.com, request a quote, register for a client portal, receive performance advertising, commission a website, activate hosting, license a chatbot, or use our CRM and support services.

We are a Wyoming LLC with headquarters in Cheyenne and a full development and marketing center in Tel Aviv. Because our users and clients span the globe, we have built this Policy to satisfy Israel’s Privacy Protection Law (PPL), 5741-1981 (including Amendment No. 13), U.S. federal requirements under the FTC Act and CAN-SPAM, and the highest international benchmarks. Where jurisdictions conflict, we default to the more protective standard.

Your continued use of the Site or Services after the Effective Date signals your acceptance of this Policy. If you object to any term, you must stop using the Site and Services immediately and contact us to discuss deletion of any data already collected.

2. Who We Are

Data Controller ANX LLC 1712 Pioneer Ave, Cheyenne, WY 82001, United States Operational office: 22 Rothschild Blvd, Tel Aviv 6688218, Israel

Privacy Team

• Privacy Officer: [email protected]
• U.S. phone: +1 (307) 555-0199
• Israel phone: +972 (3) 555-0166

We handle privacy inquiries through the contact above. If required by law, we will appoint a formal Data Protection Officer and update this section accordingly.

3. Personal Data We Collect

We collect the minimum data required to deliver, measure, and improve our Services. The table below details each category, concrete examples, and the precise moment of collection.

We never collect special-category data (health, ethnicity, political opinions, biometrics) unless you explicitly provide it in a form field clearly marked as optional and we secure separate consent.

4. How We Collect Data

Collection occurs through three distinct channels, each with transparent notice at the point of capture.

1. Direct Interactions
   • Web forms: Every form footer contains a link to this Policy and a checkbox for marketing consent (Israel) or notice of opt-out rights (U.S.).
   • Client onboarding: During SOW execution we request contact and billing details via encrypted portal.
   • Support tickets: Email or in-app chat may capture additional context.
2. Automated Technologies
   • Cookies & pixels: Deployed via Google Tag Manager; a persistent consent banner appears on first load and on every return visit from a new device.
   • Server logs: Standard Apache/Nginx logs capture IP and request headers for 12 months.
   • Analytics suites: Google Analytics 4 (anonymized IP), Hotjar (heatmaps with masking of PII), Mixpanel (event tracking with pseudonymized user IDs).
3. Client-Provided Data
   • Clients upload lead files via encrypted SFTP or our client portal.
   • We act as processor; the uploading client remains controller and must warrant lawful basis.

All automated tools display a privacy notice in the browser footer and within the consent banner.

5. Legal Bases for Processing

Israeli and international law require us to identify a valid legal basis before any processing begins. We map every data flow to one or more of the following bases and maintain an internal Register of Processing Activities.

We rely on legitimate interests only where appropriate and provide opt-out options.

6. Use of Cookies & Tracking

Cookies, pixels, local storage, and similar technologies are essential to our Services. We classify them into four functional groups and give you granular control.

Consent Banner Mechanics

• Appears on first page load and whenever cookies are updated.
• “Accept All,” “Reject Non-Essential,” and “Manage Preferences” buttons.
• Preference center stores your choice for 12 months via a first-party cookie.

Cookie Categories

Please refer to our Cookie Policy for more information.

7. Remarketing & Ad Platforms

Remarketing enables us to re-engage users who have shown interest in a client’s offer. Implementation is strictly controlled.

Technical Flow

1. Client authorizes pixel placement on their landing page.
2. When a visitor lands, a hashed identifier (SHA-256 of email or phone) and event data (e.g., “Form Started”) are sent to the ad platform.
3. Platforms match the hash to their user base and serve ads only to matched profiles.

Supported Platforms

• Google Ads (Customer Match + Conversion Tracking)
• Meta Custom Audiences
• TikTok Audiences
• LinkedIn Matched Audiences

User Controls

• Decline upfront: Reject marketing cookies in the consent banner.
• Platform-level opt-out: Google Ads Settings, Facebook Ad Preferences, TikTok Ads Manager, LinkedIn Ad Settings.
• Global exclusion: Email [email protected] with subject “Remarketing Opt-Out” – we add your hashed email to a suppression list within 48 hours.

Data Minimization

• Raw emails or phones are never transmitted.
• Hashes are one-way and salted per platform.
• Event data is limited to conversion milestones defined in the client SOW.

All transmissions occur over TLS 1.3; logs are retained for 90 days for audit only.

8. How We Use Your Data

We process Personal Data only for the specific, documented purposes listed below. Every internal system and employee handbook references this section.

We never sell Personal Data. We never use it for automated individual decision-making with legal effect.

9. Data Sharing & Subprocessors

We engage trusted partners to operate our Services. Each is bound by a Data Processing Agreement (DPA) that mirrors or exceeds PPL and GDPR obligations.

10. Cross-Border Transfers

Israel ↔ United States

• Israel enjoys an adequacy decision from the EU; transfers to our Wyoming entity are therefore permitted without further safeguards.
• Internal Binding Corporate Rules (BCRs) govern intra-group flows.

Onward Transfers (e.g., to AWS US)

• Executed EU Standard Contractual Clauses (2021/914) between ANX LLC (exporter) and the recipient (importer).
• Supplementary measures: end-to-end encryption, pseudonymization, and quarterly Transfer Impact Assessments (TIAs).

Client-Controlled Data

• Clients may restrict processing to Israel or EU data centers by written notice; we adjust hosting within 14 days at cost.

11. Data Storage & Retention

We retain Personal Data only as long as required for the purpose or by law.

Deletion Process

1. User or Client requests deletion.
2. Data is quarantined for 30 days (revocable).
3. Irreversibly deleted from live systems and backups.

12. Data Security

Our security program is  audited annually by an independent third party.

Technical Measures

• Encryption: AES-256 at rest; TLS 1.3 in transit.
• Access Control: Role-based, MFA, least-privilege, quarterly review.
• Network: WAF, DDoS mitigation, VPC isolation.
• Endpoint: EDR, disk encryption on all company devices.

Organizational Measures

• Mandatory annual privacy & security training.
• Incident response plan tested biannually.
• Breach Notification:
  • Internal detection → 24 hours.
  • Client notification → 48 hours.
  • PPA (Israel) → 72 hours if required.

13. Your Rights

You hold the following rights under applicable law. We honor them free of charge and respond within 30 calendar days (Israel PPL) or one month (GDPR-equivalent).

Submission: Email [email protected] with subject “DSAR – [Your Name]”. Identity verification required (last 4 digits of phone or order ID).

14. Marketing Communications

We send promotional messages only when permitted.

Israel Residents

• Explicit opt-in required before first message.
• Double opt-in workflow: form checkbox + confirmation email.
• Every message contains unsubscribe link and physical address.

U.S. Residents

• CAN-SPAM compliance:
  • Valid header, subject line, physical address.
  • Functional unsubscribe honored within 10 business days.

Global Suppression

• All opt-outs feed a single suppression list.
• Re-consent required after 12 months of inactivity.

11. Data Storage & Retention

We keep Personal Data only as long as needed for the purpose or required by law.

Deletion Steps

1. Request received.
2. Data quarantined for 30 days (revocable).
3. Permanently removed from live systems and backups.

12. Data Security

We apply industry-standard safeguards to protect your data.

Technical Controls

• Encryption: AES-256 at rest; TLS 1.3 in transit.
• Access: Role-based, multi-factor authentication, least-privilege.
• Network: Web application firewall, DDoS protection, secure VPCs.

Organizational Controls

• Annual staff training on privacy and security.
• Written incident response plan.
• Breach Response:
  • Detect → 24 hours internal alert.
  • Notify affected Clients → 48 hours.
  • Report to Israel PPA → within 72 hours if required.

13. Your Rights

You have the following rights under applicable law. We process requests free of charge within 30 calendar days.

Submit: Email [email protected] with subject “DSAR – [Your Name]”. We verify identity using last 4 digits of phone or order ID.

14. Marketing Communications

We send promotional messages only when allowed.

Israel Residents

• Explicit opt-in required before first message.
• Double opt-in: checkbox + confirmation email.
• Every message includes unsubscribe link and physical address.

U.S. Residents

• CAN-SPAM compliance:
  • Accurate headers, subject line, physical address.
  • Functional unsubscribe honored within 10 business days.

Global Suppression

• All opt-outs enter a single suppression list.
• Re-consent needed after 12 months of inactivity.

15. Cookie Policy

We maintain a separate Cookie Policy that details every cookie, pixel, and tracking technology used on the Site and in our Services. You can access the full, up-to-date Cookie Policy at www.alphanetx.com/cookies. It explains consent mechanisms (including the banner that appears on first visit and re-prompts after 12 months or material changes), cookie categories, and how to manage preferences.

16. Children’s Data

We do not knowingly collect data from anyone under 16.

• Forms may include age screening for relevant campaigns.
• If discovered, we delete within 24 hours.
• Parents: contact [email protected] for removal.

17. Do Not Track (DNT) & Global Privacy Controls

• We honor browser DNT signals for analytics and marketing cookies.
• Global Privacy Control (GPC) signals are respected.
• Essential cookies and contract processing are unaffected.

18. Changes to This Policy

We may update this Policy for legal, technical, or business reasons.

Process

1. Draft reviewed internally.
2. Material changes posted on Site 30 days in advance.
3. Registered Clients receive email notice.
4. New Effective Date appears at top.

Continued use after the new date means acceptance. If you object, contact us to end Services and delete data.

19. Complaints & Authorities

We resolve concerns internally within 30 days.

Escalation

• First: [email protected]
• Second: Privacy contact above

External

You may file a complaint at any time.

20. Contact Us

Email (preferred): [email protected] Subject: “Privacy – [Brief Description]”

Mail ANX LLC Attn: Privacy 1712 Pioneer Ave Cheyenne, WY 82001 USA

Response

• Acknowledgement: 2 business days
• Full reply: 30 calendar days (extension notice if needed)

We log all inquiries securely for 3 years.